public RestrictedActionAttribute(
PermissionResourceTypeEnum resourceType,
PermissionActionEnum action,
bool childAction = false)
{
_permissionSettingIdentity = PermissionSettingIdentity.Of(action, resourceType);
_childAction = childAction;
}
private PermissionUpdateModel(
IntranetMemberGroup group,
PermissionSettingValues settingValues,
PermissionSettingIdentity settingIdentity)
{
Group = group;
SettingIdentity = settingIdentity;
SettingValues = settingValues;
}
protected virtual IEnumerable <IIntranetMember> GetUsersWithAccess(PermissionSettingIdentity permissionSettingIdentity)
{
var result = _intranetMemberService
.GetAll()
.Where(member => _permissionsService.Check(member, permissionSettingIdentity))
.OrderBy(user => user.DisplayedName);
return(result);
}
public bool ValidatePermission(IPublishedContent content)
{
if (content.DocumentTypeAlias == GroupsCreatePage)
{
var hasPermission = _permissionsService.Check(PermissionSettingIdentity.Of(PermissionActionEnum.Create, PermissionResourceType));
return(hasPermission);
}
return(true);
}
public RestrictedActionAttribute(int resourceType, int action, bool childAction = false)
{
var permissionActionTypeProvider = DependencyResolver.Current.GetService <IPermissionActionTypeProvider>();
var permissionResourceTypeProvider = DependencyResolver.Current.GetService <IPermissionResourceTypeProvider>();
_permissionSettingIdentity = PermissionSettingIdentity.Of(
permissionActionTypeProvider[action],
permissionResourceTypeProvider[resourceType]);
_childAction = childAction;
}
protected virtual bool CanPerform(IIntranetActivity activity, PermissionActionEnum action, PermissionActionEnum administrationAction)
{
var currentMember = _intranetMemberService.GetCurrentMember();
var ownerId = ((IHaveOwner)activity).OwnerId;
var isOwner = ownerId == currentMember.Id;
var act = isOwner ? action : administrationAction;
var result = _permissionsService.Check(currentMember, PermissionSettingIdentity.Of(act, PermissionActivityType));
return(result);
}
private static PermissionUpdateModel CreatePermission(
IntranetMemberGroup group,
Resource resource,
PermissionActionEnum action,
bool allowed = true, bool enabled = true)
{
var identity = new PermissionSettingIdentity(action, resource);
var settings = new PermissionSettingValues(allowed, enabled);
return(new PermissionUpdateModel(group, settings, identity));
}
public bool CanPerform(GroupModel group, Enum action, Enum administrationAction)
{
var currentMember = _intranetMemberService.GetCurrentMember();
var ownerId = group.CreatorId;
var isOwner = ownerId == currentMember.Id;
var act = isOwner ? action : administrationAction;
var result = _permissionsService.Check(currentMember, PermissionSettingIdentity.Of(act, PermissionResourceType));
return(result);
}
public static IEnumerable <PermissionSettingSchema> BuildTree(Enum resource, ITree <Enum> actionTree)
{
var treeWithParents = actionTree
.WithAttachedParents()
.Flatten();
var settings = treeWithParents.Select(hierarchicalItem =>
PermissionSettingSchema.Of(
PermissionSettingIdentity.Of(hierarchicalItem.current, resource),
hierarchicalItem.parent));
return(settings);
}
public virtual GroupPermissionsViewModel Save(PermissionUpdateViewModel update)
{
var settingIdentity = PermissionSettingIdentity.Of(
_actionTypeProvider[update.ActionId],
_resourceTypeProvider[update.ResourceTypeId]);
var settingValue = PermissionSettingValues.Of(update.Allowed, update.Enabled);
var targetGroup = _intranetMemberGroupProvider[update.IntranetMemberGroupId];
var mappedUpdate = PermissionUpdateModel.Of(targetGroup, settingValue, settingIdentity);
_permissionsService.Save(mappedUpdate);
return(Get(update.IntranetMemberGroupId));
}
public async Task <GroupPermissionsViewModel> Save(PermissionUpdateViewModel update)
{
var settingIdentity = new PermissionSettingIdentity(
_actionTypeProvider[update.ActionId],
_resourceTypeProvider[update.ResourceTypeId]);
var settingValue = new PermissionSettingValues(update.Allowed, update.Enabled);
var targetGroup = _intranetMemberGroupProvider[update.IntranetMemberGroupId];
//var targetGroup = _intranetMemberGroupService.GetAll().First(x => x.Id == update.IntranetMemberGroupId);
var mappedUpdate = new PermissionUpdateModel(targetGroup, settingValue, settingIdentity);
await _permissionsService.SaveAsync(mappedUpdate);
return(await Get(update.IntranetMemberGroupId));
}
public static IEnumerable <PermissionSettingSchema> BuildTree(Enum resource, ITree <Enum> actionTree)
{
var treeWithParents = actionTree
.WithAttachedParents()
.Flatten();
var settings = treeWithParents
.Select(item =>
{
var permissionIdentity = new PermissionSettingIdentity(item.current, resource);
return(new PermissionSettingSchema(permissionIdentity, item.parent));
});
return(settings);
}
public async Task <bool> CheckAsync(IIntranetMember member, PermissionSettingIdentity settingsIdentity)
{
if (member.Groups == null)
{
return(false);
}
var permission = (await CurrentCacheAsync).Where(p => member.Groups.Select(g => g.Id).Contains(p.Group.Id) && p.SettingIdentity.Equals(settingsIdentity));
var isAllowed = permission
.ToList()
.Exists(p => p.SettingValues.IsAllowed);
return(isAllowed);
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (Skip(filterContext))
{
return;
}
var permissionsService = HttpContext.Current.GetService <IPermissionsService>();
var isUserHasAccess = permissionsService.Check(PermissionSettingIdentity.Of(_action, _permissionResourceType));
if (!isUserHasAccess)
{
var context = filterContext.Controller.ControllerContext.HttpContext;
Deny(context);
}
}
public virtual ActionResult OwnerEdit(Guid ownerId, string ownerIdPropertyName, PermissionResourceTypeEnum activityType, IActivityCreateLinks links)
{
var model = new IntranetActivityOwnerEditModel
{
Owner = _intranetMemberService.Get(ownerId).Map <MemberViewModel>(),
OwnerIdPropertyName = ownerIdPropertyName,
Links = links
};
model.CanEditOwner = _permissionsService.Check(activityType, PermissionActionEnum.EditOwner);
if (model.CanEditOwner)
{
model.Members = GetUsersWithAccess(PermissionSettingIdentity.Of(PermissionActionEnum.Create, activityType));
}
return(PartialView(OwnerEditViewPath, model));
}
public ContentRestrictedActionApiAttribute(PermissionResourceTypeEnum resourceType, PermissionActionEnum action)
{
_permissionSettingIdentity = PermissionSettingIdentity.Of(action, resourceType);
}
private IEnumerable <IntranetMember> GetUsersWithAccess(PermissionSettingIdentity permissionSettingIdentity) => _memberService .GetAll() .Where(member => _permissionsService.Check(member, permissionSettingIdentity)) .OrderBy(user => user.DisplayedName) .ToArray();
public static PermissionUpdateModel Of(
IntranetMemberGroup group,
PermissionSettingValues settingValues,
PermissionSettingIdentity identity) =>
new PermissionUpdateModel(group, settingValues, identity);
public async Task <bool> CheckAsync(PermissionSettingIdentity settingsIdentity)
{
var member = await _intranetMemberService.GetCurrentMemberAsync();
return(await CheckAsync(member, settingsIdentity));
}
public virtual IEnumerable <PermissionSettingIdentity> GetDescendants(PermissionSettingIdentity parent)
{
var children = SettingsByParentSettingIdentityLookup[parent].ToArray();
return(children.Concat(children.SelectMany(GetDescendants)));
}
public virtual PermissionSettingValues GetDefault(PermissionSettingIdentity settingIdentity) => SettingsOverrides .ItemOrNone(settingIdentity) .IfNone(() => PermissionSettingValues.Of(GlobalIsAllowedDefault, GlobalIsEnabledDefault));
public virtual PermissionSettingValues GetDefault(PermissionSettingIdentity settingIdentity) => SettingsOverrides.ItemOrDefault(settingIdentity) ?? new PermissionSettingValues(GlobalIsAllowedDefault, GlobalIsEnabledDefault);
